Data Breaches

When a company engages in business with a government, especially with the defense sector of that government, one should expect that security surrounding the engagement would be a serious endeavor. A recent report offered up by CyberSheath throws cold water on that assumption—indeed, DEFENSELESS – A statistical report on the state of cybersecurity maturity across the defense industrial base (DIB) should embarrass the sector and begs the question: why are some companies still allowed to…

Read More

Firewall and security software vendor Palo Alto Network’s annual Ignite conference kicked off Tuesday, highlighted by several product announcements, which were unveiled alongside the company’s latest threat report. Palo Alto’s “What’s Next in Cyber” report named ransomware and business email compromise as the most common attacks faced by businesses worldwide, with supply chain threats, malicious insiders and DDoS attacks rounding out the top five. Over the course of the past year, 96% of respondents to…

Read More

The European Commission announced Tuesday that is has officially begun the process of approving the EU-US Data Privacy Framework—hammered together to allow the flow of data between the US and the European Union—after concluding that the framework provides privacy safeguards comparable to those of the EU. After President Biden signed the executive order that implemented rules for the Trans-Atlantic Data Policy Framework in the US in October, the Commission conducted an assessment into the US legal…

Read More

The Payment Card Industry Security Standards Council (PCI SSC) has published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. One of two standards that make up the PCI Software Security Framework (SSF), the PCI Secure Software Standard sets out requirements to help ensure that payment software is designed, developed, and maintained in a manner that protects transactions and data, minimizes vulnerabilities, and defends against attacks. The latest version introduces minor…

Read More

In late November, the San Francisco Board of Supervisors voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive charges “to contact, incapacitate, or disorient violent, armed, or dangerous suspects” only when lives are at stake. Missing from the…

Read More

We’re about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. “With the shifts in the cybersecurity landscape, 2022 has been a milestone year…

Read More

CNAPP (cloud native application protection platform) and XDR (extended detection and response ) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers. The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users…

Read More

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released…

Read More